An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2016-12-17T03:34:00
Updated: 2024-08-06T03:07:31.640Z
Reserved: 2016-12-14T00:00:00
Link: CVE-2016-9950
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-12-17T03:59:00.327
Modified: 2024-11-21T03:02:03.650
Link: CVE-2016-9950
Redhat
No data.